GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Identity Spoofing in libp2p-secio
Critical
GHSA-rch7-f4h5-x9rj
was published
for
libp2p-secio
(npm)
Aug 23, 2019
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP...
Critical
Unreviewed
CVE-2020-22001
was published
May 24, 2022
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x...
Critical
Unreviewed
CVE-2022-2310
was published
Jul 28, 2022
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon...
Critical
Unreviewed
CVE-2018-7842
was published
May 24, 2022
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all...
Critical
Unreviewed
CVE-2021-22779
was published
May 24, 2022
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By...
Critical
Unreviewed
CVE-2020-7388
was published
May 24, 2022
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are...
Critical
Unreviewed
CVE-2021-34646
was published
May 24, 2022
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler...
Critical
Unreviewed
CVE-2017-14375
was published
May 13, 2022
Authentication Bypass in dex
Critical
CVE-2020-27847
was published
for
github.com/dexidp/dex
(Go)
Dec 20, 2021
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by...
Critical
Unreviewed
CVE-2017-14487
was published
May 13, 2022
In the case of instances where the SAML SSO authentication is enabled (non-default), session data...
Critical
Unreviewed
CVE-2022-23131
was published
Jan 14, 2022
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of...
Critical
Unreviewed
CVE-2022-24112
was published
Feb 12, 2022
Implementation trusts the "me" field returned by the authorization server without verifying it
Critical
GHSA-mjcr-rqjg-rhg3
was published
for
datasette-indieauth
(pip)
Nov 24, 2020
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows...
Critical
Unreviewed
CVE-2023-4178
was published
Sep 5, 2023
Grafana vulnerable to Authentication Bypass by Spoofing
Critical
CVE-2023-3128
was published
for
github.com/grafana/grafana
(Go)
Jun 22, 2023
Vulnerability of identity verification being bypassed in the face unlock module. Successful...
Critical
Unreviewed
CVE-2023-5801
was published
Nov 8, 2023
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and...
Critical
Unreviewed
CVE-2023-51350
was published
Jan 12, 2024
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a
allows remote...
Critical
Unreviewed
CVE-2023-31424
was published
Aug 31, 2023
** UNSUPPPORTED WHEN ASSIGNED **
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an...
Critical
Unreviewed
CVE-2023-3243
was published
Jun 28, 2023
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This...
Critical
Unreviewed
CVE-2023-2887
was published
May 25, 2023
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS...
Critical
Unreviewed
CVE-2023-2807
was published
Jun 13, 2023
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For...
Critical
Unreviewed
CVE-2021-25827
was published
Jun 28, 2023
An authentication bypass issue via spoofing was discovered in the token-based authentication...
Critical
Unreviewed
CVE-2023-22814
was published
Jul 1, 2023
ProTip!
Advisories are also available from the
GraphQL API